Elasticsearch is prone to an arbitrary code-execution vulnerability. An attacker could exploit this issue to execute arbitrary Java code in the context of the application. Versions prior to ElasticSearch 1.2 are vulnerable.